Josh's Not-a-Blog - ugly hackshttp://www.feep.org/weblogs/josh/
Nailing my theses to an Internet outhouse.enSerendipity 1.5.5 - http://www.s9y.org/Fun with web formshttp://www.feep.org/weblogs/josh/archives/46-Fun-with-web-forms.html
geeky stuffugly hackshttp://www.feep.org/weblogs/josh/archives/46-Fun-with-web-forms.html#commentshttp://www.feep.org/weblogs/josh/wfwcomment.php?cid=460http://www.feep.org/weblogs/josh/rss.php?version=2.0&type=comments&cid=46nospam@example.com (Josh)
<p>I occasionally convert web form methods from POST to GET (the <a href="http://www.mozilla.com/en-US/firefox/">Firefox</a> <a href="https://addons.mozilla.org/en-US/firefox/addon/60">Web Developer Add-on</a> makes this simple) for purposes of bookmarking the resulting page. Sometimes it turns out to be more entertaining than expected.</p>
<p>While bookmarking a USPS detailed tracking result, looking at the URL made me realize that the bookmark wouldn't actually do anything useful. Nearly all the text on the page was the result of long strings passed as parameters to the CGI script. While this works, it's not exactly the nicest way to do it, and hiding behind the POST method doesn't make it any better. But it does make it entertaining, as you can change the tracking results to your heart's content.</p>
<p>One other notable web form gaffe was one I discovered a few years ago on the State Farm website. I wanted to email my State Farm representative, but didn't have her email address. On a lark, I took a look her &quot;contact me&quot; web form link on the State Farm website, and sure enough, her encoded email address was being passed as a parameter. Then I got curious, and tried passing other addresses to their web form. Sure enough, no input validation was being done, and their web form was effectively an open mail relay. I'm not sure if it's still like this, but it would be a fun hack to whip up a Perl SMTP server to take advantage of their generous relaying service.</p>
<p>So, in that spirit, <a href="http://trkcnfrm1.smi.usps.com/PTSInternetWeb/InterLabelDetail.do?writeMaText=false&amp;writeApcText=false&amp;editedTrackNum=02785091401819084584&amp;groupByFour=9102+7850+9140+1819+0845+84&amp;formattedLabel=9102785091401819084584&amp;numEvents=2&amp;guardDlvryDateStr=&amp;currentProtocol=10001101+11011011+111101+1111100&amp;mailPieceSufKey=9901&amp;serviceTypeCode=02&amp;notifyEnabled=true&amp;emailEnabled=true&amp;PODEnabled=false&amp;RREEnabled=false&amp;lastEventDateStr=&amp;lastEventTimeStr=&amp;lastEventCode=&amp;lastEventZip=&amp;podExpirDaysCnt=-1&amp;mpCreationDtmStr=2008-12-01+16%3A53%3A39.864644&amp;ivrClassCode=DC&amp;bpodCustomer=false&amp;event0=I%20occasionally%20convert%20web%20form%20methods%20from%20POST%20to%20GET%20%28the%20Firefox%20Web%20Developer%20Add-on%20makes%20this%20simple%29%20for%20purposes%20of%20bookmarking%20the%20resulting%20page.%20Sometimes%20it%20turns%20out%20to%20be%20more%20entertaining%20than%20expected.&amp;event1=While%20bookmarking%20a%20USPS%20detailed%20tracking%20result%2C%20looking%20at%20the%20URL%20made%20me%20realize%20that%20the%20bookmark%20wouldn%27t%20actually%20do%20anything%20useful.%20Nearly%20all%20the%20text%20on%20the%20page%20was%20the%20result%20of%20long%20strings%20passed%20as%20parameters%20to%20the%20CGI%20script.%20While%20this%20works%2C%20it%27s%20not%20exactly%20the%20nicest%20way%20to%20do%20it%2C%20and%20hiding%20behind%20the%20POST%20method%20doesn%27t%20make%20it%20any%20better.%20But%20it%20does%20make%20it%20entertaining%2C%20as%20you%20can%20change%20the%20tracking%20results%20to%20your%20heart%27s%20content.&amp;event2=One%20other%20notable%20web%20form%20gaffe%20was%20one%20I%20discovered%20a%20few%20years%20ago%20on%20the%20State%20Farm%20website.%20I%20wanted%20to%20email%20my%20State%20Farm%20representative%2C%20but%20didn%27t%20have%20her%20email%20address.%20On%20a%20lark%2C%20I%20took%20a%20look%20her%20%22contact%20me%22%20web%20form%20link%20on%20the%20State%20Farm%20website%2C%20and%20sure%20enough%2C%20her%20encoded%20email%20address%20was%20being%20passed%20as%20a%20parameter.%20Then%20I%20got%20curious%2C%20and%20tried%20passing%20other%20addresses%20to%20their%20web%20form.%20Sure%20enough%2C%20no%20input%20validation%20was%20being%20done%2C%20and%20their%20web%20form%20was%20effectively%20an%20open%20mail%20relay.%20I%27m%20not%20sure%20if%20it%27s%20still%20like%20this%2C%20but%20it%20would%20be%20a%20fun%20hack%20to%20whip%20up%20a%20Perl%20SMTP%20server%20to%20take%20advantage%20of%20their%20generous%20relaying%20service.&amp;event3=So%2C%20in%20that%20spirit%2C%20click%20to%20view%20this%20weblog%20post%20on%20the%20USPS%20tracking%20results%20page.&amp;Additional+Details.x=64&amp;Additional+Details.y=8&amp;Additional+Details=Go">click to view this weblog post on the USPS tracking results page</a>.</p>
Wed, 03 Dec 2008 08:56:00 -0500http://www.feep.org/weblogs/josh/archives/46-guid.htmlLocal news RSS feedshttp://www.feep.org/weblogs/josh/archives/59-Local-news-RSS-feeds.html
ugly hackshttp://www.feep.org/weblogs/josh/archives/59-Local-news-RSS-feeds.html#commentshttp://www.feep.org/weblogs/josh/wfwcomment.php?cid=590http://www.feep.org/weblogs/josh/rss.php?version=2.0&type=comments&cid=59nospam@example.com (Josh)
<p>Today I stumbled across a <a href="http://www.wotzwot.com/rssxl.php">web service</a> that scrapes a website and converts it into an RSS feed. I used this service to set up a feed for the <a href="http://www.mininggazette.com/">Daily Mining Gazette</a>'s <a href="http://www.mininggazette.com/stories/sections.asp?section=News">local news section</a>, since they don't provide their own feed:
<ul>
<li><a href="http://tinyurl.com/2tptpp">http://tinyurl.com/2tptpp</a></li>
</ul>I tested it with Firefox's <a href="http://www.mozilla.com/en-US/firefox/livebookmarks.html">Live Bookmark feature</a>, as well as with <a href="http://reader.google.com/">Google Reader</a>.</p>
<p>WLUC TV6 in Marquette has their own RSS feed:
<ul>
<li><a href="http://www.wluctv6.com/rss.aspx?feed=TV6_News">http://www.wluctv6.com/rss.aspx?feed=TV6_News</a><br /></li>
</ul></p>
Fri, 22 Feb 2008 11:51:00 -0500http://www.feep.org/weblogs/josh/archives/59-guid.htmlWeb fitness tracking sites hate Magellanhttp://www.feep.org/weblogs/josh/archives/88-Web-fitness-tracking-sites-hate-Magellan.html
geeky stuffugly hackshttp://www.feep.org/weblogs/josh/archives/88-Web-fitness-tracking-sites-hate-Magellan.html#commentshttp://www.feep.org/weblogs/josh/wfwcomment.php?cid=880http://www.feep.org/weblogs/josh/rss.php?version=2.0&type=comments&cid=88nospam@example.com (Josh)
<p>When I started bicycling a week or so ago, I wanted to use a site like <a href="http://www.motionbased.com/">MotionBased</a> to track my rides. MotionBased is owned by Garmin, so it's not a surprise that it doesn't handle Magellan's MapSend track format natively. Fine, no problem, I'll convert to <a href="http://www.topografix.com/gpx.asp">GPX</a> first and then upload my track.</p>
<p>MotionBased managed to mangle horribly each track that I uploaded. I verified that the GPX files were correct, but still, hate from MotionBased. Meh.</p>
<p>So, I searched for an alternative site. All of them favor or support only Garmin. Grumpy as I am, I said, &quot;Fine. I'll come up with my own thing.&quot; Here's what I'm using to generate the maps on this weblog.</p>
<p><a href="http://www.gpsvisualizer.com/">GPS Visualizer</a> is a very powerful site for handling GPS data. I started using the <a href="http://www.gpsvisualizer.com/map">map form</a> to generate PNGs for my posts, and was happy with the result. The problem was remembering the options I used each time.</p>
<p>I rooted through the web form, and came up with a URL that would give me the same results each time.<br /> </p>
<blockquote><code>http://www.gpsvisualizer.com/map?output&amp;format=png&amp;width=400&amp;height=auto&amp;margin=40&amp;units=us&amp;bg_map=demis_usa&amp;bg_opacity=70&amp;connect_segments=1&amp;trk_name=0&amp;trk_colorize=speed&amp;remote_data=http://homemachine.feep.org/~josh/gps/biking/20070728.trk</code></blockquote>
<p>Since I was using <a href="http://www.gpsbabel.org/">GPSBabel</a> to acquire the track from my GPS device, I thought that it was probably the time to put everything in a script.</p>
<p>I'll spare you the entire script, but the important parts follow.</p>
<p>Acquiring the track, putting it in a web-accessible location so that GPS Visualizer can load it up:<br /> </p>
<blockquote><code>gpsbabel -t -i magellan,baud=19200 -f /dev/ttyUSB0 \</code><br /><code>&#160;&#160; -o mapsend -F ~/public_html/gps/biking/20070728.trk</code></blockquote>
<p>Generating a PNG map using GPS Visualizer:<br /> </p>
<blockquote><code>wget -q -r -l1 -nd -np -A.png --user-agent=&quot;&quot; \</code><br /><code>&quot;http://www.gpsvisualizer.com/map?output&amp;format=png&amp;width=400&amp;height=auto&amp;margin=40&amp;units=us&amp;bg_map=demis_usa&amp;bg_opacity=70&amp;connect_segments=1&amp;trk_name=0&amp;trk_colorize=speed&amp;remote_data=http://homemachine.feep.org/~josh/gps/biking/20070827.trk&quot;</code></blockquote>
<p>I then take the resulting PNG in the current directory and upload it to the web server.</p>
<p>Of course, the script does more things, like date handling and error checking, but the snippets above are the useful parts. And now I can avoid buying a new fitness GPS device. Maybe.</p>
Sat, 28 Jul 2007 12:05:00 -0400http://www.feep.org/weblogs/josh/archives/88-guid.htmlAbuses of tar(1)http://www.feep.org/weblogs/josh/archives/110-Abuses-of-tar1.html
ugly hacksunixhttp://www.feep.org/weblogs/josh/archives/110-Abuses-of-tar1.html#commentshttp://www.feep.org/weblogs/josh/wfwcomment.php?cid=1100http://www.feep.org/weblogs/josh/rss.php?version=2.0&type=comments&cid=110nospam@example.com (Josh)
<p>Today I created an RPM for a fairly oddly-installed software package (I do this frequently). If you're not familiar with RPM, one its features is the use of &quot;pristine sources&quot;?the software author's distributed files are used as-is and modified in a repeatable way by the RPM build process.</p>
<p>Anyway, the package in question is ENVI 4.3.1. The ENVI 4.3 distribution conforms to their traditional semi-bizarre installation scheme, but the 4.3.1 patch is more interesting. I wanted to install the 4.3.1 patch as a part of the RPM build process, and found that the patch package was a collection of archives within archives.</p>
<p>It occurred to me to unpack these nested archives with one long pipeline, instead of unpacking to a temporary location, unpacking again, etc. The traditional <tt>rpmbuild</tt> process seems to favor using <tt>gzip -dc</tt> and <tt>tar -xf -</tt> instead of <tt>tar -xzf -</tt> which, for one of the patch archives, would have looked like this:</p>
<p><code>gzip -dc envi431linux.tar.gz | tar -xf - envi_platform.tar -O | tar -xf - envi431.linux.tar.gz -O | gzip -dc | tar -xf -</code></p>
<p>Which makes me chuckle. I first uncompress the distributed file (envi431linux.tar.gz), unpack the named file (envi_platform.tar) from that archive, unpack the desired file (envi431.linux.tar.gz) within <span style="font-style: italic;">that</span> archive, and then uncompress and unpack that last archive. This applies the patch archive without using a temporary directory.</p>
<p>Since I'm already using the probably-not-standard <tt>-O</tt> option with <tt>tar</tt>, I could just go the rest of the way and compact it to:</p>
<p><code>tar -xzf envi431linux.tar.gz envi_platform.tar -O | tar -xf - envi431.linux.tar.gz -O | tar -xzf -</code><br /><br />&quot;Pristine sources&quot; and lame installers equals fun scripts!</p>
Mon, 22 Jan 2007 22:23:00 -0500http://www.feep.org/weblogs/josh/archives/110-guid.html